keycloak_proxy.conf.example

upstream keycloak {
    server 127.0.0.1:8080;
}

server {
    server_name # Add your domain name for the auth service here.

    error_log /var/log/nginx/keycloak_error.log;
    access_log /var/log/nginx/keycloak_access.log;

    # Keycloak can set large cookies and headers
    proxy_buffer_size 16k;
    proxy_buffers 8 16k;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;

    # The authentication and authorization service.
    location /admin/ {
        proxy_pass http://keycloak/admin/;
    }

    location /js/ {
        proxy_pass http://keycloak/js/;
    }

    location /realms/ {
        proxy_pass http://keycloak/realms/;
    }

    location /resources/ {
        proxy_pass http://keycloak/resources/;
    }

    location /robots.txt {
        proxy_pass http://keycloak/robots.txt;
    }

    listen 443 ssl;
    ssl_certificate # Add your path to your certificate chain
    ssl_certificate_key # Add your path to your certificate key

    # A fallback page in case someone visits directly.
    # Volume mounted in compose.yml at default root /app directory.
    location / {
        index auth_root_page.html;
    }
}